Browse by Author "Subach, Ihor"
Now showing 1 - 9 of 9
Open access item: Aggregation of information from diverse networks as the basis for training cyber security specialists on processing ultra large data sets
Publisher: Institute of Special Communication and Information Protection of National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, 2021
Authors: Lande, Dmytro; Puchkov, Oleksandr; Subach, Ihor
Abstract: The basic principles of training cybersecurity specialists in processing large data sets to solve complex unstructured tasks in the course of their functional responsibilities, based on the achievements of Data Science in the field of cybersecurity, by acquiring the necessary competencies and practical application of the latest information technologies based on methods of aggregation of large amounts of data, are substantiated and presented. The most common latest technologies and tools in the field of cybersecurity, the list of which gives a fairly holistic view of what is used today by specialists in the field of Data Science, are considered. The tools needed to solve complex problems using big data are analyzed. The subject of the study is the fundamental provisions of the concept of “big data”; appropriate data models; architectural concepts of creating information systems for “big data”; big data analytics; and the practical application of big data processing results. The theoretical basis of the training, which includes two sections, “Big Data: theoretical principles” and “Technological applications for big data”, which in turn are logically divided into ten, is considered. As a material and technical basis for the acquisition of practical skills by students, a model based on the “CyberAggregator” system was created and described; it operates and is constantly improved in accordance with the expansion of the list of tasks assigned to it. The CyberAggregator system consists of three main parts: a server for collecting and primary processing of information; an information retrieval server (search engine); and an interface server from which the service is provided to users and other systems via the API. The system is based on technological components such as the Elasticsearch information retrieval system, the Kibana utility, the Neo4j graph database management system, JavaScript-based results visualization tools (D3.js) and network information scanning modules. The system implements functions such as the formation of databases from certain information resources; maintaining full-text databases of information; detection of duplicate and content-similar information messages; full-text search; analysis of text messages, determination of tonality, formation of analytical reports; integration with a geographic information system; data analysis and visualization; research of the dynamics of thematic information flows; forecasting events based on the analysis of publication dynamics, etc. The suggested approach allows students to acquire the competencies needed to effectively process large amounts of data from social networks, create systems for monitoring network information on cybersecurity, select relevant information from social networks, implement search engines, and carry out analytical research and forecasting.

Open access item: Investigation of associative rule search method for detection of cyber incidents in information management systems and security events using CICIDS2018 test data set
Publisher: Institute of Special Communication and Information Protection of National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, 2024
Authors: Onishchenko, Volodymyr; Puchkov, Oleksandr; Subach, Ihor
Abstract: Automated rule generation for cyber incident identification in information management and security event systems (SIEM, SYSTEM, etc.) plays a crucial role in modern cyberspace defense, where data volumes are increasing exponentially and the complexity and speed of cyber attacks are constantly rising. This article explores approaches and methods for automating the generation of cyber incident identification rules in order to reduce the need for manual work and ensure flexibility in adapting to changes in threat models. The research highlights the need to use modern techniques of Intelligent Data Analysis (IDA) to process large volumes of data and formulate behavior rules for systems and activities in information systems. The conclusion emphasizes the necessity of integrating multiple research directions, including analyzing existing methods and applying IDA algorithms to search for associative rules in large datasets. Key challenges addressed include the complexity of data modeling, the need to adapt to changes in data caused by the dynamic cyber attack landscape, and the speed of the rule generation algorithms used for incident identification. The issue of the "dimensionality curse" and the identification of cybersecurity event sequences over time, particularly relevant to SIEM, are discussed. The research objective is defined as the analysis and evaluation of various mathematical methods for automated associative rule generation to identify cyber incidents in SIEM. The most effective strategies for enhancing the efficiency of associative rule generation and adapting it to the dynamically changing state of the cybersecurity system are identified in order to strengthen the protection of information infrastructure.

Open access item: Methodology of formation of fuzzy associative rules with weighted attributes from SIEM database for detection of cyber incidents in special information and communication systems
Publisher: Institute of Special Communication and Information Protection of National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, 2023
Authors: Subach, Ihor; Mykytiuk, Artem
Abstract: The article presents a method of forming associative rules from the database of a SIEM system for detecting cyber incidents, based on the theory of fuzzy sets and methods of data mining. On the basis of the conducted analysis, a conclusion was drawn about the expediency of detecting cyber incidents in special information and communication systems (SICS) by applying rule-oriented methods. The necessity of applying data mining technologies, in particular methods of forming associative rules, to supplement the knowledge base (KB) of the SIEM system with the aim of improving its characteristics in the process of detecting cyber incidents is substantiated. For the effective application of cyber incident detection models built on the theory of fuzzy sets, the use of fuzzy associative rule search methods is proposed; these allow heterogeneous data about cyber incidents to be processed and are transparent for perception. The mathematical apparatus for forming fuzzy associative rules is considered and examples of its application are given. In order to increase the effectiveness of methods for searching for fuzzy associative rules in the SIEM database, it is proposed to use weighting coefficients of attributes that characterize the degree of their importance in the fuzzy rule. A formal formulation of the problem of forming fuzzy associative rules with weighted attributes for the identification of cyber incidents is given. A scheme for their formation and application in the identification of cyber incidents is proposed. The method of forming fuzzy associative rules with weighted attributes from the SIEM database is given. The problem of determining the weighting coefficients of the relative importance of SIEM system DB attributes is formulated and a method for its solution is proposed. The problem of finding sets of elements that have a weighted fuzzy support of at least the given one and are used to form fuzzy associative rules with weighted attributes is formulated, and methods for its solution are proposed.

Open access item: An ontology modelling human resources management for innovational domains
Publisher: Institute of Special Communication and Information Protection of National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, 2018
Authors: Hladun, Anatolii; Rohushyna, Yuliia; Subach, Ihor
Abstract: We propose objective methods for the semantic comparison of a business task description with documents describing the competencies of applicants. The advantages of describing qualifications through the triad of professional qualities (knowledge, skills and competencies) are demonstrated. The scientific novelty of this work lies in the use of atomic competencies as the main component of an original ontological qualification model, which becomes an instrument for solving the complex scientific problem of qualification matching. The authors develop an original ontology that describes the high-level relations between employers and employees. This ontology can be integrated with domain and organizational ontologies that specialize these relations for a concrete task. Such an approach can be useful for innovation domains (new or multidisciplinary) where expert groups and formal specifications of professional skills are still at the stage of formation. Information acquired from natural language documents that characterize applicants is represented by ontology-based thesauri that objectively reflect the area of expertise of the participants, and a thesaurus of the project is built from its natural language descriptions. Then these thesauri are matched at the semantic level to define what part of the competencies is relevant to the project's needs. These methods provide the detection of the most relevant specialists able to carry out specific tasks in new promising domains. The retrieval can be performed in the open Web environment or in natural language documents proposed by applicants. The results of this research can be used in Human Resources Management for automated semantic evaluation of competencies in new and multidisciplinary subject domains dealing with scientific research and knowledge processing evaluated by scientometric measures. The proposed methods use domain knowledge and information about the structure of research activities formalized by ontologies. They are based on semantic matching of descriptions of the documents (diplomas, certificates, articles, monographs, conference materials, Web sites etc.) describing the competence of standard developers in the chosen domain.

Open access item: OSINT investigation to detect and prevent cyber attacks and cyber security incidents
Publisher: Institute of Special Communication and Information Protection of National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, 2021
Authors: Puchkov, Oleksandr; Lande, Dmytro; Subach, Ihor; Boliukh, Mykhailo; Nahornyi, Dmytro
Abstract: A methodology for investigating and predicting cyber incidents based on the use of open sources of information and freely available open source software is offered and substantiated. The suggested methodology belongs to the class of Open Source Intelligence (OSINT) methodologies. In addition, it is based on technologies for monitoring the modern Internet space, the concept of processing large amounts of data (Big Data), complex networks (Complex Networks), and extracting knowledge from text arrays (Text Mining). The components of the keyword detection technology (NLTK, Natural Language Toolkit), concept extraction (SpaCy, NLP), and graph visualization and analysis systems are considered in detail. The main idea of analyzing large amounts of cybersecurity data from the Internet space is to use methods and tools for collecting data with global search engines, aggregating information flows and mining the data obtained. The technique is based on the implementation of functions such as the collection of relevant information from certain information resources using the capabilities of global search engines; automatic scanning and primary processing of information from websites; formation of full-text arrays of information; analysis of text messages, determination of sentiment, formation of analytical reports; integration with a geographic information system; analysis and visualization of information reports; research of the dynamics of thematic information flows; and forecasting the development of events based on the analysis of the dynamics of publications in the Internet space. In the analytical mode, a number of tools are implemented for the graphical presentation of data dynamics, displayed as a time series of the number of messages per day matching a specific cyber incident, viewing plots built from messages on the topic of cyber incidents, and clusters grouped by the cluster analysis algorithm. Within the framework of the methodology, provision is made for the formation and inclusion in operational reports of networks of concepts corresponding to people, organizations and information sources, allowing the relationships between them to be explored.

Open access item: Analysis of existing solutions for intrusion prevention in information and telecommunication networks
Publisher: Institute of Special Communication and Information Protection of National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, 2017
Authors: Субач, Ігор Юрійович; Фесьоха, Віталій Вікторович; Фесьоха, Надія Олександрівна; Subach, Ihor; Fesokha, Vitalii; Fesokha, Nadia

Open access item: A method for solving the information resource allocation problem in special-purpose automated control systems with variable information block size
Publisher: Institute of special communication and information security of National technical university of Ukraine «Kyiv polytechnic institute», 2016
Authors: Субач, Ігор; Чаузов, Олександр; Кучук, Ніна; Subach, Ihor; Chauzov, Oleksandr; Kuchuk, Nina

Open access item: A model for detecting cyber attacks on information and telecommunication systems based on describing anomalies in their operation with weighted fuzzy rules
Publisher: Institute of Special Communication and Information Protection of National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, 2017
Authors: Субач, Ігор Юрійович; Фесьоха, Віталій Вікторович; Subach, Ihor; Fesokha, Vitalii

Open access item: Models of information resource allocation in special-purpose automated control systems
Publisher: Institute of special communication and information security of National technical university of Ukraine «Kyiv polytechnic institute», 2016
Authors: Субач, Ігор; Чаузов, Олександр; Кучук, Ніна; Subach, Ihor; Chauzov, Oleksandr; Kuchuk, Nina